squareops
diff --git a/‎.gitignore
Lines changed: 24 additions & 7 deletions b/‎.gitignore
Lines changed: 24 additions & 7 deletions
diff --git a/‎.pre-commit-config.yaml
Lines changed: 20 additions & 16 deletions b/‎.pre-commit-config.yaml
Lines changed: 20 additions & 16 deletions
diff --git a/‎.tflint.hcl
Lines changed: 21 additions & 43 deletions b/‎.tflint.hcl
Lines changed: 21 additions & 43 deletions
diff --git a/‎IAM.md
Lines changed: 0 additions & 2 deletions b/‎IAM.md
Lines changed: 0 additions & 2 deletions
diff --git a/‎LICENSE
Lines changed: 1 addition & 1 deletion b/‎LICENSE
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md
Lines changed: 22 additions & 31 deletions b/‎README.md
Lines changed: 22 additions & 31 deletions
@@ -1,15 +1,32 @@
-*.tfstate
-*.tfstate.*
-.terraform*
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 *.out
 *.lock
 *.tfvars
 *.pem
-vars
+*.txt
+
+# Local .terraform directories
 **/.terraform/*
+.terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
 override.tf
-override.tf.*
+override.tf.json
 *_override.tf
-*_override.tf.*
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
 terraform.rc
-*.txt
 
@@ -1,22 +1,26 @@
 repos:
-  - repo: https://github.com/squareops/pre-commit
-    rev: v0.1.12
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.1.0
     hooks:
-      - id: terraform-fmt
-      - id: terraform-validate
-      - id: tflint
-        args:
-          # - "--module"
-          - "--config=.tflint.hcl"
+      - id: trailing-whitespace
+        args: ['--markdown-linebreak-ext=md']
+      - id: end-of-file-fixer
+      - id: check-merge-conflict
+      - id: detect-private-key
+      - id: detect-aws-credentials
+        args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.74.0
+    rev: v1.77.0
     hooks:
+      - id: terraform_fmt
       - id: terraform_docs
         args:
-          - --hook-config=--add-to-existing-file=true   
-          - --hook-config=--create-file-if-not-exist=true
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
-    hooks:
-      - id: check-merge-conflict
-      - id: end-of-file-fixer
+          - '--args=--lockfile=false'
+      - id: terraform_tflint
+        args:
+          - --args=--config=.tflint.hcl
+      - id: terraform_tfsec
+        files: ^examples/ # only scan `examples/*` which are the implementation
+        args:
+          - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
+          - --args=--concise-output
@@ -1,15 +1,13 @@
 plugin "aws" {
     enabled = true
-    version = "0.14.0"
+    version = "0.21.1"
     source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
-
 config {
 #Enables module inspection
-module = true
+module = false
 force = false
 }
-
 # Required that all AWS resources have specified tags.
 rule "aws_resource_missing_tags" {
   enabled = true
@@ -18,95 +16,75 @@ rule "aws_resource_missing_tags" {
     "Environment",
   ]
 }
-
 # Disallow deprecated (0.11-style) interpolation
 rule "terraform_deprecated_interpolation" {
-enabled = true
+  enabled = true
 }
- 
 # Disallow legacy dot index syntax.
 rule "terraform_deprecated_index" {
-enabled = true
+  enabled = true
 }
- 
 # Disallow variables, data sources, and locals that are declared but never used.
 rule "terraform_unused_declarations" {
-enabled = true
+  enabled = true
 }
- 
 # Disallow // comments in favor of #.
 rule "terraform_comment_syntax" {
-enabled = false
+  enabled = false
 }
- 
 # Disallow output declarations without description.
 rule "terraform_documented_outputs" {
-enabled = true
+  enabled = true
 }
- 
 # Disallow variable declarations without description.
 rule "terraform_documented_variables" {
-enabled = true
+  enabled = true
 }
- 
 # Disallow variable declarations without type.
 rule "terraform_typed_variables" {
-enabled = true
+  enabled = true
 }
- 
 # Disallow specifying a git or mercurial repository as a module source without pinning to a version.
 rule "terraform_module_pinned_source" {
-enabled = true
+  enabled = true
 }
- 
 # Enforces naming conventions
 rule "terraform_naming_convention" {
-enabled = true
- 
+  enabled = true
 #Require specific naming structure
 variable {
-format = "snake_case"
+  format = "snake_case"
 }
- 
 locals {
-format = "snake_case"
+  format = "snake_case"
 }
- 
 output {
-format = "snake_case"
+  format = "snake_case"
 }
- 
 #Allow any format
 resource {
-format = "none"
+  format = "none"
 }
- 
 module {
-format = "none"
+  format = "none"
 }
- 
 data {
-format = "none"
+  format = "none"
 }
- 
 }
- 
 # Disallow terraform declarations without require_version.
 rule "terraform_required_version" {
-enabled = true
+  enabled = true
 }
- 
 # Require that all providers have version constraints through required_providers.
 rule "terraform_required_providers" {
-enabled = true
+  enabled = true
 }
- 
 # Ensure that a module complies with the Terraform Standard Module Structure
 rule "terraform_standard_module_structure" {
-enabled = true
+  enabled = true
 }
- 
 # terraform.workspace should not be used with a "remote" backend with remote execution.
 rule "terraform_workspace_remote" {
-enabled = true
+  enabled = true
 }
@@ -1,7 +1,6 @@
 
 ## IAM Permission
 
-<!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK -->
 The Policy required to deploy this module is:
 
 ```json
@@ -200,4 +199,3 @@ The Policy required to deploy this module is:
 }
 
 ```
-<!-- END OF PRE-COMMIT-PIKE DOCS HOOK -->
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2023 SquareOps Technologies Pvt. Ltd. 
+   Copyright 2023 SquareOps Technologies Pvt. Ltd.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
 
@@ -3,32 +3,28 @@
 
 ![squareops_avatar]
 
-[squareops_avatar]: https://squareops.com/img/home1/Squareops_logo.jpg
+[squareops_avatar]: https://squareops.com/wp-content/uploads/2022/12/squareops-logo.png
 
 ### [SquareOps Technologies](https://squareops.com/) Provide end to end solution for all your DevOps needs
 
 <br>
 
-
 Terraform module to create Networking resources for workload deployment on AWS Cloud.
 
-<br>
-
 ## Usage Example
 
 ```hcl
 
 module "key_pair_vpn" {
-  source             = "squareops/terraform-aws-ec2-keypair"
-  region             = us-east-1
-  environment        = production
-  key_name           = format("%s-%s-vpn", production, skaf)
-  ssm_parameter_path = format("%s-%s-vpn", production, skaf)
+  source             = "squareops/keypair/aws"
+  environment        = "production"
+  key_name           = format("%s-%s-vpn", "production", "skaf")
+  ssm_parameter_path = format("%s-%s-vpn", "production", "skaf")
 }
 
 
 module "vpc" {
-  source = "squareops/terraform-aws-network"
+  source = "squareops/vpc/aws"
 
   environment                                     = "production"
   name                                            = "skaf"
@@ -48,13 +44,13 @@ module "vpc" {
   flow_log_cloudwatch_log_group_retention_in_days = 90
 
 }
-
-
 ```
 Refer [examples](examples) for all examples.
 
 ## Important Note
-To prevent destruction interruptions, any resources that have been created outside of Terraform and attached to the resources provisioned by Terraform must be deleted before the module is destroyed. 
+To prevent destruction interruptions, any resources that have been created outside of Terraform and attached to the resources provisioned by Terraform must be deleted before the module is destroyed.
+
+The private key generated by Keypair module will be stored in AWS Systems Manager Parameter Store. FOr more details refer [this](https://registry.terraform.io/modules/squareops/keypair/aws)
 
 ## Network Scenarios
 
@@ -70,7 +66,7 @@ This module supports three scenarios to create Network resource on AWS. Each wil
   - `enable_public_subnet  = true`
   - `enable_private_subnet = true`
 
-- **complete-vpc-with-vpn:** To create a VPC with public, private, database and intra subnets along with an IGW and NAT gateway. Jump server/Bastion Host is also configured. 
+- **complete-vpc-with-vpn:** To create a VPC with public, private, database and intra subnets along with an IGW and NAT gateway. Jump server/Bastion Host is also configured.
   - `vpc_cidr               = local.vpc_cidr`
   - `enable_public_subnet   = true`
   - `enable_private_subnet  = true`
@@ -94,32 +90,32 @@ The required IAM permissions to create resources from this module can be found [
 
 To configure Pritunl VPN:
 
-      1. Access the Pritunl UI using the public IP of EC2 instance in browser
-      2. Get the initial key, user and password for setting up Pritunl from Secret Manager and log in to Pritunl.
+      1. Access the Pritunl UI over HTTPS using the public IP of EC2 instance in browser
+      2. Retrieve the initial key, user and password for setting up Pritunl from AWS Secrets Manager and log in to Pritunl.
       3. Create a DNS record mapping to the EC2 instance's public IP
       4. After login, in the Initial setup window, add the record created in the 'Lets Encrypt Domain' field.
       5. Pritunl will automatically configure a signed SSL certificate from Lets Encrypt.
       6. Add organization and user to pritunl.
       7. Set server port as 10150 which is already allowed from security group while creating vpn.
       8. Attach organization to the server and Start the server.
-      9. Copy or download user profile link or file. 
+      9. Copy or download user profile link or file.
      10. Import the profile in Pritunl client.
-    
+
     NOTE: Port 80 should be open publicly in the vpn security group to verify and renewing the domain certificate.
 
-# CIS COMPLIANCE 
+# CIS COMPLIANCE
 
-- Follows the VPC recommendations of CIS Amazon Web Services Foundations Benchmark v1.4.0 
+- Follows the VPC recommendations of CIS Amazon Web Services Foundations Benchmark v1.4.0
 
 [ 5. NETWORKING ]
 
-5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote 
+5.1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote
 server administration ports (Automated)
 
-5.2 Ensure no security groups allow ingress from 0.0.0.0/0 to remote 
+5.2 Ensure no security groups allow ingress from 0.0.0.0/0 to remote
 server administration ports (Automated)
 
-5.3 Ensure the default security group of every VPC restricts all traffic 
+5.3 Ensure the default security group of every VPC restricts all traffic
 (Automated)
 
 
@@ -135,7 +131,7 @@ server administration ports (Automated)
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.31.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.23 |
 
 ## Modules
 
@@ -154,7 +150,7 @@ server administration ports (Automated)
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_azs"></a> [azs](#input\_azs) | List of Availability Zone to be used by VPC | `list(any)` | `[]` | no |
+| <a name="input_azs"></a> [azs](#input\_azs) | List of Availability Zone to be used by VPC | `list(any)` | n/a | yes |
 | <a name="input_database_subnet_cidrs"></a> [database\_subnet\_cidrs](#input\_database\_subnet\_cidrs) | Database Tier subnet CIDRs to be created | `list(any)` | `[]` | no |
 | <a name="input_default_network_acl_ingress"></a> [default\_network\_acl\_ingress](#input\_default\_network\_acl\_ingress) | List of maps of ingress rules to set on the Default Network ACL | `list(map(string))` | <pre>[<br>  {<br>    "action": "deny",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 22,<br>    "protocol": "tcp",<br>    "rule_no": 98,<br>    "to_port": 22<br>  },<br>  {<br>    "action": "deny",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 3389,<br>    "protocol": "tcp",<br>    "rule_no": 99,<br>    "to_port": 3389<br>  },<br>  {<br>    "action": "allow",<br>    "cidr_block": "0.0.0.0/0",<br>    "from_port": 0,<br>    "protocol": "-1",<br>    "rule_no": 100,<br>    "to_port": 0<br>  },<br>  {<br>    "action": "allow",<br>    "from_port": 0,<br>    "ipv6_cidr_block": "::/0",<br>    "protocol": "-1",<br>    "rule_no": 101,<br>    "to_port": 0<br>  }<br>]</pre> | no |
 | <a name="input_enable_database_subnet"></a> [enable\_database\_subnet](#input\_enable\_database\_subnet) | Set true to enable database subnets | `bool` | `false` | no |
@@ -170,7 +166,6 @@ server administration ports (Automated)
 | <a name="input_one_nat_gateway_per_az"></a> [one\_nat\_gateway\_per\_az](#input\_one\_nat\_gateway\_per\_az) | Set to true if a NAT Gateway is required per availability zone for Private Subnet Tier | `bool` | `false` | no |
 | <a name="input_private_subnet_cidrs"></a> [private\_subnet\_cidrs](#input\_private\_subnet\_cidrs) | A list of private subnets CIDR to be created inside the VPC | `list(any)` | `[]` | no |
 | <a name="input_public_subnet_cidrs"></a> [public\_subnet\_cidrs](#input\_public\_subnet\_cidrs) | A list of public subnets CIDR to be created inside the VPC | `list(any)` | `[]` | no |
-| <a name="input_region"></a> [region](#input\_region) | Specify the region in which VPC will be created | `string` | `"us-east-1"` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block of the VPC | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_vpn_key_pair"></a> [vpn\_key\_pair](#input\_vpn\_key\_pair) | Specify the name of AWS Keypair to be used for VPN Server | `string` | `""` | no |
 | <a name="input_vpn_server_enabled"></a> [vpn\_server\_enabled](#input\_vpn\_server\_enabled) | Set to true if you want to deploy VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
@@ -181,15 +176,11 @@ server administration ports (Automated)
 | Name | Description |
 |------|-------------|
 | <a name="output_database_subnets"></a> [database\_subnets](#output\_database\_subnets) | List of IDs of database subnets |
-| <a name="output_intra_subnets"></a> [intra\_subnets](#output\_intra\_subnets) | Intra Subnet IDs |
+| <a name="output_intra_subnets"></a> [intra\_subnets](#output\_intra\_subnets) | List of IDs of Intra subnets |
 | <a name="output_private_subnets"></a> [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets |
 | <a name="output_public_subnets"></a> [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets |
-| <a name="output_region"></a> [region](#output\_region) | AWS Region for the VPC |
 | <a name="output_vpc_cidr_block"></a> [vpc\_cidr\_block](#output\_vpc\_cidr\_block) | IPV4 CIDR Block for this VPC |
 | <a name="output_vpc_id"></a> [vpc\_id](#output\_vpc\_id) | The ID of the VPC |
 | <a name="output_vpn_host_public_ip"></a> [vpn\_host\_public\_ip](#output\_vpn\_host\_public\_ip) | IP Address of VPN Server |
 | <a name="output_vpn_security_group"></a> [vpn\_security\_group](#output\_vpn\_security\_group) | Security Group ID of VPN Server |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-
-
-
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`
`2`	`2`	`## IAM Permission`
`3`	`3`
`4`		`-<!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK -->`
`5`	`4`	`The Policy required to deploy this module is:`
`6`	`5`
`7`	`6`	```json
`@@ -200,4 +199,3 @@ The Policy required to deploy this module is:`
`200`	`199`	`}`
`201`	`200`
`202`	`201`	```
`203`		`-<!-- END OF PRE-COMMIT-PIKE DOCS HOOK -->`